ONTAP pre-update check: Openssh 7.2 upgrade Warning: "hmac-ripemd160" and precheck "hmac-ripemd160-etm" are considered weak
Applies to
- ONTAP 9.1 and later
- Upgrading from 9.1 to 9.2 and later
Issue
While performing the ONTAP upgrade pre-check command
cluster image validate -version
you receive the following pre-check Warning:Pre-update Check Status Error-Action --------------------- ---------- -------------------------------------------- Openssh 7.2 upgrade Warning Warning: "hmac-ripemd160" and precheck "hmac-ripemd160-etm" are considered weak keyed-hash message authentication code (HMAC) algorithms and support for the same will be removed after upgrading to Data ONTAP 9.3. Action: Before retrying the upgrade, remove the above weak algorithms using "security ssh remove" command. To list all Vservers configured with one or both the above HMAC algorithms, run "security ssh show -mac-algorithms hmac-ripemd160* -vserver * -fields vserver"